package edu.tgc.security;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

public class CaptchaUsernamePasswordAuthenticationFilter extends UsernamePasswordAuthenticationFilter {

    @Override
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
        HttpSession session = request.getSession();
        String captcha = (String) session.getAttribute("captcha");
        String input = request.getParameter("captcha");
        if (input.equals(captcha)) {
            return super.attemptAuthentication(request, response);
        } else {
            System.out.println(this.messages.getMessage("LdapAuthenticationProvider.emptyUsername", "captcha error"));
            System.out.println(this.messages.getMessage("test", "captcha error"));
            throw new CaptchaException(this.messages.getMessage("test", "captcha error"));
        }
    }

}
